IEC 63208-2025 PDF

Full title and description

St IEC 63208-2025 — Low-voltage switchgear and controlgear and their assemblies — Security requirements. This International Standard specifies security requirements and guidance for the main functions of low‑voltage switchgear, controlgear and their assemblies (referred to as "equipment") in the context of operational technology (OT). It addresses wired and wireless communication interfaces, physical accessibility and applicable environmental conditions, with the objective of reducing vulnerabilities to security threats that could cause unintended operation, loss of protective function or other degradation of the main function.

Abstract

IEC 63208:2025 is the first edition as an International Standard (replacing IEC TS 63208:2020) and provides mandatory requirements and practical guidance for security risk assessment, assignment of equipment security levels, selection of countermeasures (including references to IEC 62443-4-2), conformance verification and testing, and user instructions for installation, operation and maintenance. The publication includes annexes with typical architectures, use cases, development methods, integration recommendations and security protection profiles by equipment family. This edition constitutes a technical revision that tightens the relationship between security risk and functional safety and introduces defined attack/impact levels and verification criteria.

General information

• Status: Published — Final International Standard (first edition).
• Publication date: 22 August 2025 (IEC base publication; a pre-release FDIS was made available earlier in May 2025).
• Publisher: International Electrotechnical Commission (IEC), TC 121.
• ICS / categories: 29.130.20 — Low-voltage switchgear and controlgear.
• Edition / version: Edition 1.0 (2025).
• Number of pages: IEC electronic publication lists 126 pages (note: some national bodies or bilingual/printed vendor variants list a larger page count, e.g. 262 pages for certain bilingual/print editions).

Scope

This standard applies to the main functional elements of low‑voltage switchgear and controlgear and their assemblies throughout the equipment lifecycle where security threats could cause unintended operation or loss of protective functions. It covers assessment of the exposure of communication interfaces, determination of required equipment security levels, assignment of countermeasures (technical and organisational), and conformance verification and testing. Exclusions include general IT systems, IACS engineering workstations and applications, certain network infrastructure devices, large critical‑infrastructure/energy management system scopes and design-lifecycle management (for which IEC 62443-4-1, ISO/IEC 27001 and related lifecycle standards are referenced).

Key topics and requirements

• Security risk assessment methodology including defined attack levels, typical threats and impact assessment, and the relationship between security risk and safety.
• Determination of equipment security level based on exposure and impact.
• Assignment of countermeasures mapped to IEC 62443-4-2 criteria and to ISO/IEC 27001 where relevant (including physical access and environmental protections).
• Conformance verification, testing requirements and guidance for verification activities.
• User instructions and integration guidance for installation, operation and maintenance to sustain security in deployed assemblies.
• Annexes providing architectures, use cases, development methods, integration recommendations and security protection profiles for equipment families (Annexes A–I and bridging references such as Annex K).

Typical use and users

Primary users are manufacturers and designers of low‑voltage switchgear and controlgear, product development teams implementing OT security, system integrators and panel/assembly builders, conformity assessment and test laboratories, certification bodies, asset owners/operators and regulators responsible for electrical safety and resilience. The standard is used to define product security requirements, to guide secure product development and to support type‑testing and factory acceptance testing where security verification is required.

Related standards

Key related documents and series include IEC TS 63208:2020 (the technical specification replaced by this edition), the IEC 62443 series (notably 62443-4-1 and 62443-4-2 for secure product development and component requirements), ISO/IEC 27001 for organisational security controls, and applicable product/assembly standards in the IEC 61439 and IEC 60947 families depending on the equipment. Where adopted regionally, national/adopted versions (e.g., BS EN IEC variants) may appear.

Keywords

low‑voltage switchgear, controlgear, assemblies, OT security, cybersecurity, physical security, IEC 63208, IEC 62443-4-2, ISO/IEC 27001, risk assessment, protection profiles, conformance verification.

FAQ

Q: What is this standard?

A: IEC 63208:2025 is an International Standard that specifies security requirements for low‑voltage switchgear, controlgear and their assemblies to address vulnerabilities that could affect safety and the main protective functions of the equipment.

Q: What does it cover?

A: It covers security risk assessment (including attack and impact levels), determination of equipment security levels, assignment of countermeasures (with references to IEC 62443-4-2 and ISO/IEC 27001), user instructions, conformance verification and annexed guidance such as architectures and protection profiles. It excludes general IT systems, IACS engineering workstations and certain network devices and defers lifecycle management guidance to IEC 62443-4-1 and similar standards.

Q: Who typically uses it?

A: Product manufacturers, OT/security engineers, system integrators, test and certification labs, asset owners and regulators who need to define or verify security requirements for switchgear and controlgear products and their assemblies.

Q: Is it current or superseded?

A: IEC 63208:2025 is current as the first edition of the International Standard published in 2025; it replaces IEC TS 63208:2020. A pre-release (FDIS/PRV) was made available during the voting period earlier in 2025.

Q: Is it part of a series?

A: It is closely aligned with, and intended to be used alongside, the IEC 62443 series (cybersecurity for industrial automation and control systems) and ISO/IEC 27001 for organisational information security; it also links to relevant IEC product and assembly standards such as IEC 61439 family where electrical assembly requirements apply.

Q: What are the key keywords?

A: Low‑voltage switchgear, controlgear, assemblies, OT security, cybersecurity requirements, risk assessment, attack levels, IEC 62443-4-2, protection profiles, conformance verification.